package common.fengkai.filepost.conf;


import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.StringUtils;
@Slf4j
@Configuration
@EnableWebSecurity
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    PasswordEncoder passwordEncoder() {
         return NoOpPasswordEncoder.getInstance();// 密码不加密
        //return new BCryptPasswordEncoder();// 密码加密
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        log.error("加载了ActuatorSecurityConfig配置");
        //表示所有的访问都必须进行认证处理后才可以正常进行*/
//        http.formLogin()
//                .loginPage("/login.html")
//                .loginProcessingUrl("/user/login")
//                .defaultSuccessUrl("/test/index")
//                .permitAll()
//                .and().authorizeRequests()
//                    .antMatchers("/","/upload","*/upload/*","**/upload/**")
//                    .permitAll().anyRequest().authenticated()
//                    .and().csrf().disable();
//        http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests()
//                .anyRequest().hasRole("admin")
//                .and().authorizeRequests().anyRequest().permitAll().and()
//                .httpBasic();
        http
                .authorizeRequests()
                .antMatchers("/actuator/**").hasAuthority("admin")
                .antMatchers("/actuator/**").hasAuthority("user")
                //所有/r/**的请求必须认证通过
                .antMatchers("/actuator/**").authenticated()
                //除了/r/**，其它的请求可以访问
                .anyRequest().permitAll();
        http
                //允许表单登录
                .formLogin()
                //自定义登录成功的页面地址
                /*.successForwardUrl("/login-success")*/;
                http.cors().disable().csrf().disable();

        log.info("加载完成");

    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 在内存中配置2个用户
        log.info("加载角色");
        auth.inMemoryAuthentication()
                .withUser("admin").password("123456").roles("admin")
                .and()
                .withUser("user").password("123456").roles("user");// 密码不加密*/

//        auth.inMemoryAuthentication()
//                .withUser("admin").password("$2a$10$fB2UU8iJmXsjpdk6T6hGMup8uNcJnOGwo2.QGR.e3qjIsdPYaS4LO").roles("admin")
//                .and()
//                .withUser("user").password("$2a$10$3TQ2HO/Xz1bVHw5nlfYTBON2TDJsQ0FMDwAS81uh7D.i9ax5DR46q").roles("user");// 密码加密
    }

}
